[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-panel-devel
Subject: Re: platform specific imports and import security
From: "Aaron J. Seigo" <aseigo () kde ! org>
Date: 2013-09-19 7:15:45
Message-ID: 2590987.77EQo4GA3j () freedom
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Wednesday, September 18, 2013 17:21:29 Marco Martin wrote:
> * security *
> ** forbid access to absolute paths that are ouside both the applet package
> and the import paths (implemented)
this means having a registry of permissions somewhere and a way to manage
those permissions. colour me excited, though, as this fills in a large
remaining gap.
> con: a QQmlAbstractUrlInterceptor needs to be installed in order to work, so
> works only for plasmoids at the moment (while we would want it to work on
> any qml app)
>
>
> A way to solve the con may be installing the QQmlAbstractUrlInterceptor in
> kdeclarative (therefore for plasmoids we would need to install a subclass of
> the kdeclarative one that knows also about plasma packages)
That makes sense imho ...
> The only thing i'm a bit concerned of (but hopefully shouldn't incide too
> much) is potential overhead mostly at startup, since it adds a *lot* of
> string comparisons (and possibly some filesystem lookup as well)
We'll probably need to carefully take care of caching and namespacing tricks
to mitigate this ...
--
Aaron J. Seigo
["signature.asc" (application/pgp-signature)]
_______________________________________________
Plasma-devel mailing list
Plasma-devel@kde.org
https://mail.kde.org/mailman/listinfo/plasma-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic